Bump azure/login to V2 #13602

snesm · 2024-03-06T16:44:16Z

This PR updates azure/login to V2 which uses Node.js v20.

If you are suggesting a fix for a currently exploitable issue, please disclose the issue to the prime-reportstream team directly outside of GitHub instead of filing a PR, so we may immediately patch the affected systems before a disclosure. See SECURITY.md/Reporting a Vulnerability for more information.

Test Steps:

Include steps to test these changes

Changes

Include a comprehensive list of changes in this PR
(For web UI changes) Include screenshots/video of changes

Checklist

Testing

Tested locally?
Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
(For Changes to /frontend-react/...) Ran npm run lint:write?
Added tests?

Process

Are there licensing issues with any new dependencies introduced?
Includes a summary of what a code reviewer should test/verify?
Updated the release notes?
Database changes are submitted as a separate PR?
DevOps team has been notified if PR requires ops support?

Linked Issues

Fixes #issue

To Be Done

Create GitHub issues to track the work remaining, if any

#issue

Specific Security-related subjects a reviewer should pay specific attention to

Does this PR introduce new endpoints?
- new endpoint A
- new endpoint B
Does this PR include changes in authentication and/or authorization of existing endpoints?
Does this change introduce new dependencies that need vetting?
Does this change require changes to our infrastructure?
Does logging contain sensitive data?
Does this PR include or remove any sensitive information itself?

If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:

What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
- Spoofing (faking authenticity)
  - Threat T, which could be achieved by A, is mitigated by M
- Tampering (influence or sabotage the integrity of information, data, or system)
- Repudiation (the ability to dispute the origin or originator of an action)
- Information disclosure (data made available to entities who should not have it)
- Denial of service (make a resource unavailable)
- Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
Have you ensured logging does not contain sensitive data?
Have you received any additional approvals needed for this change?

github-actions · 2024-03-06T16:44:32Z

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

.github/workflows/release_chatops_app.yml

.github/workflows/restore_databases.yml

.github/workflows/start_test_servers.yml

.github/workflows/stop_test_servers.yml

.github/workflows/validate_resources.yml

github-actions · 2024-03-06T16:59:53Z

Test Results

1 091 tests ±0 1 087 ✅ ±0 5m 42s ⏱️ +13s
131 suites ±0 4 💤 ±0
131 files ±0 0 ❌ ±0

Results for commit cf854f1. ± Comparison against base commit 00f9260.

♻️ This comment has been updated with latest results.

github-actions · 2024-03-06T17:10:46Z

Integration Test Results

52 files ±0 52 suites ±0 13m 26s ⏱️ +39s
358 tests ±0 348 ✅ ±0 10 💤 ±0 0 ❌ ±0
361 runs ±0 351 ✅ ±0 10 💤 ±0 0 ❌ ±0

Results for commit cf854f1. ± Comparison against base commit 00f9260.

♻️ This comment has been updated with latest results.

JosiahSiegel

🎉

* Bump operations/slack-boltjs-app from `830717e` to `1c5340b` Bumps [operations/slack-boltjs-app](https://github.com/JosiahSiegel/slack-boltjs-app) from `830717e` to `1c5340b`. - [Release notes](https://github.com/JosiahSiegel/slack-boltjs-app/releases) - [Commits](JosiahSiegel/slack-boltjs-app@830717e...1c5340b) --- updated-dependencies: - dependency-name: operations/slack-boltjs-app dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * update tf to valid staging chatops * move file change summary to local action * SC Onboarding also allow to replace FHS-2 and BHS-2 * exclude specific whole directories under operations * Bump bridgecrewio/checkov-action from 12.2682.0 to 12.2683.0 (#13586) Bumps [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) from 12.2682.0 to 12.2683.0. - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@e1c43cb...1d2da02) --- updated-dependencies: - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * 10510: remove support for relative pathing, schema setting normalization, schema management SOP (#13530) * 10510: remove support for relative pathing and schema setting normalization * 10510: last mile cleanup while writing Sync SOP * 10510: SOP for syncing schemas between environments * fixup! 10510: SOP for syncing schemas between environments * fixup! 10510: last mile cleanup while writing Sync SOP * fixup! 10510: last mile cleanup while writing Sync SOP * Update prime-router/docs/standard-operating-procedures/managing-translation-schemas-in-azure.md * Correct code according to Micheal's review * Response to Victor comment * Bump bridgecrewio/checkov-action from 12.2683.0 to 12.2684.0 (#13600) Bumps [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) from 12.2683.0 to 12.2684.0. - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@1d2da02...3758458) --- updated-dependencies: - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Revert "10510: remove support for relative pathing, schema setting normalizat…" (#13597) This reverts commit 961162a. * Bug: fix schema name to not exceed max width (#13594) * Bug: fix schema name to not exceed max width * fixup! Bug: fix schema name to not exceed max width * Bump azure/login to V2 (#13602) * update HI on where we're live (#13608) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Josiah Siegel <josiah.siegel@semanticbits.com> Co-authored-by: Josiah Siegel <5522990+JosiahSiegel@users.noreply.github.com> Co-authored-by: Ott Sathngam <ott.sathngam@gmail.com> Co-authored-by: Michael Kalish <michael.kalish@focusconsulting.io> Co-authored-by: Stephen Nesman <94193373+snesm@users.noreply.github.com> Co-authored-by: James Gilmore <109554461+GilmoreA6@users.noreply.github.com>

Bump azure/login to V2

97c9c7d

snesm temporarily deployed to staging March 6, 2024 16:44 — with GitHub Actions Inactive

snesm requested a review from JosiahSiegel March 6, 2024 16:47

snesm added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 6, 2024

snesm marked this pull request as ready for review March 6, 2024 16:50

snesm requested a review from a team as a code owner March 6, 2024 16:50

Merge branch 'master' into snesm/loginV2

e3ad678

snesm temporarily deployed to staging March 6, 2024 16:51 — with GitHub Actions Inactive

snesm mentioned this pull request Mar 6, 2024

GitHub Actions: Transitioning from Node 16 to Node 20 #13537

Closed

2 tasks

snesm enabled auto-merge (squash) March 6, 2024 18:04

Merge branch 'master' into snesm/loginV2

09971da

snesm temporarily deployed to staging March 6, 2024 20:06 — with GitHub Actions Inactive

JosiahSiegel approved these changes Mar 6, 2024

View reviewed changes

Merge branch 'master' into snesm/loginV2

cf854f1

snesm temporarily deployed to staging March 6, 2024 20:33 — with GitHub Actions Inactive

snesm merged commit d551ed6 into master Mar 6, 2024
2 checks passed

snesm deleted the snesm/loginV2 branch March 6, 2024 21:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump azure/login to V2 #13602

Bump azure/login to V2 #13602

snesm commented Mar 6, 2024 •

edited

Loading

github-actions bot commented Mar 6, 2024 •

edited

Loading

github-actions bot commented Mar 6, 2024 •

edited

Loading

github-actions bot commented Mar 6, 2024 •

edited

Loading

JosiahSiegel left a comment

Bump azure/login to V2 #13602

Bump azure/login to V2 #13602

Conversation

snesm commented Mar 6, 2024 • edited Loading

Changes

Checklist

Testing

Process

Linked Issues

To Be Done

Specific Security-related subjects a reviewer should pay specific attention to

github-actions bot commented Mar 6, 2024 • edited Loading

Dependency Review

Scanned Manifest Files

github-actions bot commented Mar 6, 2024 • edited Loading

Test Results

github-actions bot commented Mar 6, 2024 • edited Loading

Integration Test Results

JosiahSiegel left a comment

Choose a reason for hiding this comment

snesm commented Mar 6, 2024 •

edited

Loading

github-actions bot commented Mar 6, 2024 •

edited

Loading

github-actions bot commented Mar 6, 2024 •

edited

Loading

github-actions bot commented Mar 6, 2024 •

edited

Loading